There are currently public systems for tracking known software vulnerabilities in certain pieces or versions of software frequently used online. For instance, Mitre Corporation publicizes raw information about disclosed vulnerabilities or security weaknesses in software through a dictionary called CVE® Common Vulnerabilities and Exposures system and a list called CWE™ Common Weakness Enumeration system.
The pace at which these vulnerabilities are publicized is often rapid, and thus it can be difficult even for companies having a full-time server and application administrators to keep track of required updates. As a result, there may be vulnerable pieces of software installed as part of an application or as part of a server software stack, despite the existence of publically available fixes for known vulnerabilities. Lack of knowledge about the need to update software used in applications or servers cause them to remain vulnerable.